<div dir="ltr">On Sat, Aug 9, 2014 at 6:10 AM, Sergio Lerner <span dir="ltr"><<a href="mailto:sergiolerner@certimix.com" target="_blank">sergiolerner@certimix.com</a>></span> wrote:<br><div class="gmail_extra"><div class="gmail_quote">
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000">
Hi Tim,<br>
It's clear from the paper that the second party in the protocol can
de-anonymize the first party. So it's seems that dishonest shufflers
would prefer to be in that position in the queue.<br></div></blockquote></div><br></div><div class="gmail_extra">That's not clear to me. The 2nd party doesn't know how the 3rd, 4th, 5th, etc. parties shuffled the outputs, since it doesn't have their decryption keys.<br>
</div></div>